The answer could probably involve involve fail2ban, which can monitor logfiles and dynamically add and later remove iptable rules depending on the results, though many of the tutorials you'll find probably deal with avoiding brute-force login attempts.
–
Ulrich SchwarzJul 18 '12 at 6:00

1 Answer
1

I moved my entire site (name-based VHosts) to SSL and redirect every Request with HTTP 301 "Moved permanently". This had the benefit of having a much much simpler apache-config (one 100 line file) AND most spammers / bots are completely gone. Apparently the don't manage the redirect or SSL.